VERS='4.8.4-07032023'

noheader=' service status-check nightlyrephp7.3-fpm,new backup report check checkcerts gitea update-nodes copynpmcerts singleservercheck update-dyndns '
CERT_DAEMON='/snap/bin/certbot'
FOLDER=/opt/idssys/nodemgmt
SCRIPT=${FOLDER}/nodemgmt-scripts.sh
TMPFOLDER=${FOLDER}/.tmp
LOGFOLDER=${FOLDER}/logs
LOGFILE=${LOGFOLDER}/logfile

RENOTIFY=1800

[ ! -d ${TMPFOLDER} ] && mkdir ${TMPFOLDER}
[ ! -d ${LOGFOLDER} ] && mkdir ${LOGFOLDER}

declare -i errtime

NM_SRVCOPT=(start stop restart reload enable disable)

if [ -f ${FOLDER}/defaults.local.inc ]; then
	declare -A NM_HOSTS
	declare -A NM_SERVICES_CHECK
	declare -A NM_DOCKERS_CHECK
	declare -A NM_REPL_CHECK
	declare -A NM_REPL_NGINX_PATHS
	declare -A NM_HOSTNAMES
	declare -A NM_NODETYPES
	declare -A NM_SERVICE_DESC
	declare -A NM_DOCKER_DESC
	declare -A NM_DOCKER_COMPOSE_LOC
	declare -A NM_REPL_CHECK_LOC
	declare -A NM_REPL_DESC
	declare -A NM_SINGLESRVR_SERVICES
	declare -A NM_SINGLESRVR_DOCKERS
	declare -A NM_SINGLESRVR_IP
	
	source ${FOLDER}/defaults.local.inc

	IFS=,
	LOCAL_SERVICES=(${LOCAL_SERVICES})
	unset IFS
	
	declare -a NODE_TYPES
	for nmtype in "${!NM_HOSTS[@]}"; do
		NODE_TYPES+=(${nmtype})
	done
		
	for ntype in "${NODE_TYPES[@]}"; do
		arr ${ntype}_HOSTS
		arr ${ntype}_SERVICES_CHECK
		arr ${ntype}_DOCKERS_CHECK
		arr ${ntype}_REPL_CHECK
		arr ${ntype}_SINGLESRVR_SERVICES
		arr ${ntype}_SINGLESRVR_DOCKERS
		arr ${ntype}_SINGLESRVR_IP
		
		IFS=,; var=(${NM_HOSTS[${ntype}]}); unset IFS
		for value in "${var[@]}"; do
			arr_insert ${ntype}_HOSTS $value
		done
		
		if [ "${NM_SERVICES_CHECK[${ntype}]}" != "" ]; then
			IFS=,; var=(${NM_SERVICES_CHECK[${ntype}]}); unset IFS
			for value in "${var[@]}"; do
				arr_insert ${ntype}_SERVICES_CHECK $value
			done
		fi
		
		if [ "${NM_DOCKERS_CHECK[${ntype}]}" != "" ]; then
			IFS=,; var=(${NM_DOCKERS_CHECK[${ntype}]}); unset IFS
			for value in "${var[@]}"; do
				arr_insert ${ntype}_DOCKERS_CHECK $value
			done
		fi
		
		if [ "${NM_REPL_CHECK[${ntype}]}" != "" ]; then
			IFS=,; var=(${NM_REPL_CHECK[${ntype}]}); unset IFS
			for value in "${var[@]}"; do
				arr_insert ${ntype}_REPL_CHECK $value
			done
		fi
		
		if [ "${NM_SINGLESRVR_SERVICES[${ntype}]}" != "" ]; then
			IFS=,; var=(${NM_SINGLESRVR_SERVICES[${ntype}]}); unset IFS
			for value in "${var[@]}"; do
				arr_insert ${ntype}_SINGLESRVR_SERVICES $value
			done
		fi
		
		if [ "${NM_SINGLESRVR_DOCKERS[${ntype}]}" != "" ]; then
			IFS=,; var=(${NM_SINGLESRVR_DOCKERS[${ntype}]}); unset IFS
			for value in "${var[@]}"; do
				arr_insert ${ntype}_SINGLESRVR_DOCKERS $value
			done
		fi
		
		if [ "${NM_SINGLESRVR_IP[${ntype}]}" != "" ]; then
			IFS=,; var=(${NM_SINGLESRVR_IP[${ntype}]}); unset IFS
			for value in "${var[@]}"; do
				arr_insert ${ntype}_SINGLESRVR_IP $value
			done
		# else
		# 	declare "${ntype}_SINGLESRVR_IP"=""
		fi
	done
	
fi

declare -A NM_SRVCOPTS
NM_SRVCOPTS['status']='Status'
NM_SRVCOPTS['start']='Start'
NM_SRVCOPTS['stop']='Stopp'
NM_SRVCOPTS['restart']='Restart'
NM_SRVCOPTS['reload']='Reload'
NM_SRVCOPTS['enable']='Enabl'
NM_SRVCOPTS['disable']='Disabl'
NM_SRVCOPTS['daemon-reload']='Daemon-Reload'

declare -A NM_BACKUP_ITEMS
NM_BACKUP_ITEMS['nginx-settings']=/etc/nginx
NM_BACKUP_ITEMS['nginx-logs']=/var/log/nginx
NM_BACKUP_ITEMS['letsencrypt-certs']=/etc/letsencrypt
NM_BACKUP_ITEMS['webserver-files']=/var/www
NM_BACKUP_ITEMS['haproxy']=/etc/haproxy
NM_BACKUP_ITEMS['keepalived']=/etc/keepalived
NM_BACKUP_ITEMS['fail2ban']=/etc/fail2ban
# NM_BACKUP_ITEMS[nginx]=/




GET-CHECKCERT-DOMAINS(){
	declare -A CHECKCERT_DOMAINS
	IFS=$'\n'
	for LINE in `egrep -v '(^#|^$)' ${FOLDER}/ssl-cert-check/ssldomains`; do
	    HOST=${LINE%% *}
	    PORT=${LINE#* }
	    IFS=" "
		CHECKCERT_DOMAINS[${HOST}]=${PORT}
	done
	unset IFS
}

DISP_HEADER(){
	declare -i cw; declare -i spc1; declare -i c
	if [ "$1" = true ]; then
		clear
	fi
	echo 
	echo -e "${idsCL[LightGreen]} NodeMgmt - Node Monitoring & Management${idsCL[Default]}  ${idsCL[DarkGray]}(ver-${VERS})${idsCL[Default]}"
	DIVIDER . lightGreen
	echo 
}

CERT-CHECK(){
	TARGET="mysite.example.net"; 
	RECIPIENT="hostmaster@mysite.example.net";
	DAYS=7;
	echo "checking if $TARGET expires in less than $DAYS days";
	expirationdate=$(date -d "$(: | openssl s_client -connect $TARGET:443 -servername $TARGET 2>/dev/null \
	                              | openssl x509 -text \
	                              | grep 'Not After' \
	                              |awk '{print $4,$5,$7}')" '+%s'); 
	in7days=$(($(date +%s) + (86400*$DAYS)));
	if [ $in7days -gt $expirationdate ]; then
	    echo "KO - Certificate for $TARGET expires in less than $DAYS days, on $(date -d @$expirationdate '+%Y-%m-%d')" \
	    | mail -s "Certificate expiration warning for $TARGET" $RECIPIENT ;
	else
	    echo "OK - Certificate expires on $expirationdate";
	fi
}

SENDNOTICE(){
	[ "${PUSHOVER_APP_TOKEN}" != "" ] && PUSH_TO_MOBILE "${2}

$(date)" "${1}" ${3} &
	
	[ "${EMAIL_NOTICE}" != "" ] && echo -e "${1}\n\n$(date)" | mail -s "${2}" ${EMAIL_NOTICE}
	
}